View Full Version : Trovi Attached
Beadbud5000
2014-04-28, 17:06
Trovi.com indicated a "brand" has attached itself to your browser. Firefox was affected here.
I ran the diagnostic tool DLD?
I can not zip
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2014 1:33:52 PM
System Uptime: 4/28/2014 8:38:21 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | A8V-XE
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 197.139 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID:
Description:
Device ID: ACPI\PNPB006\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNPB006\3&2411E6FE&0
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 13 Plugin
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Linux_Mint_Main
Microsoft .NET Framework 3.5 SP1
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Display Control Panel
NVIDIA Drivers
PVSonyDll
Spybot - Search & Destroy
Ubuntu
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA Rhine Family Fast Ethernet Adapter
.
==== End Of File ===========================
Please help!
Also
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16386
Run by budzone at 9:33:19 on 2014-04-28
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.932 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <-loopback>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F} : DHCPNameServer = 65.32.5.111 65.32.5.112
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~1\optimi~1\optpro~2.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\budzone\appdata\roaming\mozilla\firefox\profiles\dn0p235l.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Hook Test Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2014-3-30 46248]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-3-30 55224]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2014-3-30 1153368]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-30 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-30 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-30 171416]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [2009-5-15 43520]
S2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\cltmngsvc.exe --> c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [?]
S2 Level Quality Watcher;Level Quality Watcher;c:\program files\level quality watcher\v1.01\levelqualitywatcher32.exe run options=01110010010000000000000000000000 sourceguid=bba5481a-926b-4561-bd79-249f618495e6 --> c:\program files\level quality watcher\v1.01\levelqualitywatcher32.exe run options=01110010010000000000000000000000 sourceguid=BBA5481A-926B-4561-BD79-249F618495E6 [?]
S2 Update PlurPush;Update PlurPush;"c:\program files\plurpush\updateplurpush.exe" --> c:\program files\plurpush\updatePlurPush.exe [?]
.
=============== Created Last 30 ================
.
2014-04-26 10:53:29 -------- dc----w- c:\program files\SearchProtect
2014-04-25 11:06:52 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{52e41676-e821-4cc7-a7b1-c7595233dd5b}\mpengine.dll
2014-04-24 12:42:47 -------- d-----w- c:\users\budzone\appdata\local\Google
2014-04-13 17:56:25 -------- d-----w- C:\ubuntu
2014-04-12 12:14:25 -------- d-----w- C:\mint
2014-04-10 02:15:47 -------- dc----w- C:\bud
2014-04-08 16:08:13 -------- dc----w- C:\787a51d3de09fd4ab9
2014-04-08 00:36:23 -------- dc----w- c:\program files\NVIDIA Corporation
2014-04-08 00:32:44 -------- dc----w- C:\3a0cf218a18bad4512376e
2014-04-08 00:29:38 229888 ----a-w- c:\windows\system32\msshsq.dll
2014-04-05 10:26:34 378368 ----a-w- c:\windows\system32\winhttp.dll
2014-04-05 10:25:27 268800 ----a-w- c:\windows\system32\es.dll
2014-04-05 10:25:06 549888 ----a-w- c:\windows\system32\rpcss.dll
2014-04-05 10:25:05 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2014-04-05 10:25:05 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2014-04-05 10:25:05 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2014-04-05 10:25:05 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2014-04-05 10:25:05 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2014-04-05 10:25:05 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2014-04-05 10:25:04 97280 ----a-w- c:\windows\system32\iasrecst.dll
2014-04-05 10:25:04 53248 ----a-w- c:\windows\system32\iasads.dll
2014-04-05 10:25:04 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2014-04-05 10:25:04 158720 ----a-w- c:\windows\system32\sdohlp.dll
2014-04-05 10:24:05 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2014-04-05 10:24:05 223232 ----a-w- c:\windows\system32\WMASF.DLL
2014-04-05 10:24:05 2048 ----a-w- c:\windows\system32\asferror.dll
2014-04-05 10:23:52 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-05 10:23:52 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-04-05 10:23:51 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-04-05 10:23:15 61440 ----a-w- c:\windows\system32\ntprint.exe
2014-04-05 10:23:15 220160 ----a-w- c:\windows\system32\ntprint.dll
2014-04-05 10:23:14 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-04-05 10:23:14 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2014-04-05 10:23:13 1984512 ----a-w- c:\windows\system32\authui.dll
2014-04-05 10:23:11 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2014-04-05 10:23:11 69632 ----a-w- c:\windows\system32\sendmail.dll
2014-04-05 10:22:32 441856 ----a-w- c:\windows\system32\win32spl.dll
2014-04-05 10:22:32 37376 ----a-w- c:\windows\system32\printcom.dll
2014-04-05 10:22:13 2031104 ----a-w- c:\windows\system32\win32k.sys
2014-04-05 10:21:53 14848 ----a-w- c:\windows\system32\wshrm.dll
2014-04-05 10:21:53 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2014-04-05 10:21:24 43520 ----a-w- c:\windows\system32\msdxm.tlb
2014-04-05 10:21:24 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2014-04-05 10:21:24 18432 ----a-w- c:\windows\system32\amcompat.tlb
2014-04-05 10:20:32 312320 ----a-w- c:\windows\system32\msdrm.dll
2014-04-05 10:20:31 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-04-05 10:20:31 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-04-05 10:20:30 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-04-05 10:20:30 515584 ----a-w- c:\windows\system32\RMActivate.exe
2014-04-05 10:20:30 472576 ----a-w- c:\windows\system32\secproc.dll
2014-04-05 10:20:30 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-04-05 10:20:30 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-04-05 10:20:29 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2014-04-05 10:18:42 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-04-04 23:19:07 97800 ----a-w- c:\windows\system32\infocardapi.dll
2014-04-04 23:19:07 622080 ----a-w- c:\windows\system32\icardagt.exe
2014-04-04 23:19:07 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2014-04-04 23:19:07 11264 ----a-w- c:\windows\system32\icardres.dll
2014-04-04 23:19:02 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2014-04-04 23:19:02 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-04-04 23:19:02 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2014-04-04 23:19:02 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-03 14:02:51 -------- d-----w- c:\users\budzone\appdata\local\Adobe
2014-03-31 23:02:33 72704 ----a-w- c:\windows\system32\fontsub.dll
2014-03-31 23:02:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-03-31 23:02:33 289792 ----a-w- c:\windows\system32\atmfd.dll
2014-03-31 23:02:33 24064 ----a-w- c:\windows\system32\lpk.dll
2014-03-31 23:02:33 156672 ----a-w- c:\windows\system32\t2embed.dll
2014-03-31 23:02:33 10240 ----a-w- c:\windows\system32\dciman32.dll
2014-03-31 23:00:43 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-03-31 23:00:43 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2014-03-31 23:00:06 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2014-03-31 23:00:05 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2014-03-31 23:00:05 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2014-03-31 22:58:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2014-03-31 22:58:53 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2014-03-31 22:58:53 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2014-03-31 22:58:53 19968 ----a-w- c:\windows\system32\ARP.EXE
2014-03-31 22:58:53 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2014-03-31 22:58:53 15360 ----a-w- c:\windows\system32\netevent.dll
2014-03-31 22:58:53 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2014-03-31 22:58:53 103936 ----a-w- c:\windows\system32\netiohlp.dll
2014-03-31 22:58:53 10240 ----a-w- c:\windows\system32\finger.exe
2014-03-31 22:57:52 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2014-03-31 22:57:51 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2014-03-31 22:57:50 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2014-03-31 22:57:50 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2014-03-31 22:57:48 542720 ----a-w- c:\windows\system32\sysmain.dll
2014-03-31 22:57:47 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2014-03-31 22:57:47 502784 ----a-w- c:\windows\system32\wlansvc.dll
2014-03-31 22:57:47 47104 ----a-w- c:\windows\system32\wlanapi.dll
2014-03-31 22:57:47 297984 ----a-w- c:\windows\system32\wlansec.dll
2014-03-31 22:57:47 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2014-03-31 22:57:17 194560 ----a-w- c:\windows\system32\WebClnt.dll
2014-03-31 22:57:17 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-03-31 22:56:44 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-03-31 22:56:44 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-31 22:56:44 1406464 ----a-w- c:\windows\system32\msxml6.dll
2014-03-31 22:56:44 1260032 ----a-w- c:\windows\system32\msxml3.dll
2014-03-31 22:55:58 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-03-31 22:55:58 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-03-31 22:55:58 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-03-31 22:55:26 49664 ----a-w- c:\windows\system32\csrsrv.dll
2014-03-31 22:55:26 376320 ----a-w- c:\windows\system32\winsrv.dll
2014-03-31 22:54:53 98816 ----a-w- c:\windows\system32\mfps.dll
2014-03-31 22:54:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2014-03-31 22:54:53 2855424 ----a-w- c:\windows\system32\mf.dll
2014-03-31 22:54:53 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-03-31 22:54:53 2048 ----a-w- c:\windows\system32\mferror.dll
2014-03-31 22:54:07 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-03-31 22:54:06 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-03-31 22:51:51 434176 ----a-w- c:\windows\system32\vbscript.dll
2014-03-31 22:51:10 71680 ----a-w- c:\windows\system32\atl.dll
2014-03-31 22:50:06 297472 ----a-w- c:\windows\system32\gdi32.dll
2014-03-31 22:49:35 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2014-03-31 22:49:35 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-03-31 22:49:05 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2014-03-31 22:49:05 30208 ----a-w- c:\windows\system32\xolehlp.dll
2014-03-31 22:48:27 156160 ----a-w- c:\windows\system32\wkssvc.dll
2014-03-31 22:47:43 36352 ----a-w- c:\windows\system32\tsgqec.dll
2014-03-31 22:47:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2014-03-31 22:47:43 116736 ----a-w- c:\windows\system32\aaclient.dll
2014-03-31 22:46:53 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2014-03-31 22:45:58 414208 ----a-w- c:\windows\system32\msscp.dll
2014-03-31 22:45:33 713728 ----a-w- c:\windows\system32\timedate.cpl
2014-03-31 22:45:03 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2014-03-31 22:44:37 86016 ----a-w- c:\windows\system32\icfupgd.dll
2014-03-31 22:44:37 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2014-03-31 22:44:37 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2014-03-31 22:44:37 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2014-03-31 22:44:37 16896 ----a-w- c:\windows\system32\wfapigp.dll
2014-03-31 22:44:36 61952 ----a-w- c:\windows\system32\cmifw.dll
2014-03-31 22:44:09 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2014-03-31 22:44:08 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2014-03-31 22:44:08 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2014-03-31 22:44:08 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2014-03-31 22:42:51 1244672 ----a-w- c:\windows\system32\mcmde.dll
2014-03-31 22:42:50 80896 ----a-w- c:\windows\system32\MSNP.ax
2014-03-31 22:42:50 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2014-03-31 22:42:50 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2014-03-31 22:42:50 428032 ----a-w- c:\windows\system32\EncDec.dll
2014-03-31 22:42:50 292352 ----a-w- c:\windows\system32\psisdecd.dll
2014-03-31 22:42:50 217088 ----a-w- c:\windows\system32\psisrndr.ax
2014-03-31 22:42:50 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2014-03-31 22:40:44 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-31 22:40:05 696832 ----a-w- c:\windows\system32\localspl.dll
2014-03-31 22:38:55 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2014-03-31 22:38:55 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2014-03-31 22:38:55 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2014-03-31 22:38:55 20024 ----a-w- c:\windows\system32\drivers\viaide.sys
2014-03-31 22:38:55 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2014-03-31 22:38:55 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-03-31 22:38:43 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2014-03-31 22:38:28 2923520 ----a-w- c:\windows\explorer.exe
2014-03-31 22:37:55 8704 ----a-w- c:\windows\system32\hcrstco.dll
2014-03-31 22:37:55 8704 ----a-w- c:\windows\system32\hccoin.dll
2014-03-31 22:37:55 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-03-31 22:37:55 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-03-31 22:37:54 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-03-31 22:37:54 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-03-31 22:37:54 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-03-31 22:37:54 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-03-31 22:37:37 97792 ----a-w- c:\windows\system32\cabview.dll
2014-03-31 22:37:09 171520 ----a-w- c:\windows\system32\wintrust.dll
2014-03-31 22:36:34 494592 ----a-w- c:\windows\system32\kerberos.dll
2014-03-31 22:36:33 272384 ----a-w- c:\windows\system32\schannel.dll
2014-03-31 22:36:03 24064 ----a-w- c:\windows\system32\netcfg.exe
2014-03-31 22:32:03 1585664 ----a-w- c:\windows\system32\setupapi.dll
2014-03-31 22:30:49 62464 ----a-w- c:\windows\system32\l3codeca.acm
2014-03-31 22:30:49 220672 ----a-w- c:\windows\system32\l3codecp.acm
2014-03-31 22:30:26 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2014-03-31 22:30:26 22016 ----a-w- c:\windows\system32\netiougc.exe
2014-03-31 22:30:26 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2014-03-31 22:30:26 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-03-31 22:30:26 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2014-03-31 22:30:26 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2014-03-31 22:30:25 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-03-31 22:29:55 25600 ----a-w- c:\windows\system32\amxread.dll
2014-03-31 22:29:55 14848 ----a-w- c:\windows\system32\apilogen.dll
2014-03-31 22:28:42 33280 ----a-w- c:\windows\system32\slwmi.dll
2014-03-31 22:28:42 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2014-03-31 22:28:42 223232 ----a-w- c:\windows\system32\SLC.dll
2014-03-31 22:28:41 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2014-03-31 22:28:41 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2014-03-31 22:28:41 351232 ----a-w- c:\windows\system32\SLUI.exe
2014-03-31 22:28:41 186368 ----a-w- c:\windows\system32\SLLUA.exe
2014-03-31 22:28:38 39936 ----a-w- c:\windows\system32\slcinst.dll
2014-03-31 22:28:38 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2014-03-31 21:20:49 96760 ----a-w- c:\windows\system32\dfshim.dll
2014-03-31 21:20:49 41984 ----a-w- c:\windows\system32\netfxperf.dll
2014-03-31 21:20:47 83968 ----a-w- c:\windows\system32\mscories.dll
2014-03-31 21:20:47 282112 ----a-w- c:\windows\system32\mscoree.dll
2014-03-31 21:20:47 158720 ----a-w- c:\windows\system32\mscorier.dll
2014-03-31 21:04:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2014-03-31 21:04:15 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2014-03-31 21:04:15 1686528 ----a-w- c:\windows\system32\gameux.dll
2014-03-31 21:03:31 1645568 ----a-w- c:\windows\system32\connect.dll
2014-03-31 20:59:36 -------- d-----w- c:\windows\system32\MRT
2014-03-31 20:58:35 974336 ----a-w- c:\windows\system32\crypt32.dll
2014-03-31 20:57:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2014-03-31 20:57:29 7680 ----a-w- c:\windows\system32\spwmp.dll
2014-03-31 20:57:28 4096 ----a-w- c:\windows\system32\msdxm.ocx
2014-03-31 20:57:28 4096 ----a-w- c:\windows\system32\dxmasf.dll
2014-03-31 20:57:28 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-03-31 20:57:28 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2014-03-31 20:57:28 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2014-03-31 20:57:26 311296 ----a-w- c:\windows\system32\unregmp2.exe
2014-03-31 20:57:26 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2014-03-31 18:19:16 -------- d-----w- c:\program files\Microsoft ActiveSync
2014-03-31 18:17:49 -------- dc----w- c:\program files\common files\L&H
2014-03-31 15:15:30 -------- d-----w- c:\users\budzone\appdata\roaming\DriverFinder
2014-03-31 13:20:08 -------- d-----w- c:\users\budzone\appdata\local\WindowsUpdate
2014-03-31 12:43:14 707072 ----a-w- c:\program files\common files\system\wab32.dll
2014-03-31 12:43:14 41984 ----a-w- c:\program files\windows mail\wabimp.dll
2014-03-31 12:43:14 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2014-03-31 12:43:14 1098752 ----a-w- c:\program files\common files\system\wab32res.dll
2014-03-31 12:43:13 87040 ----a-w- c:\windows\system32\msoert2.dll
2014-03-31 12:43:13 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll
2014-03-31 12:43:13 205824 ----a-w- c:\windows\system32\msoeacct.dll
2014-03-31 12:43:13 1614848 ----a-w- c:\program files\windows mail\msoe.dll
2014-03-31 12:43:11 397312 ----a-w- c:\program files\windows mail\WinMail.exe
2014-03-31 12:43:10 81408 ----a-w- c:\program files\windows mail\oeimport.dll
2014-03-31 12:43:10 24064 ----a-w- c:\program files\common files\system\DirectDB.dll
2014-03-31 12:42:42 175104 ----a-w- c:\windows\system32\wdigest.dll
2014-03-31 12:42:41 7680 ----a-w- c:\windows\system32\lsass.exe
2014-03-31 12:42:41 72704 ----a-w- c:\windows\system32\secur32.dll
2014-03-31 12:42:41 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-03-31 12:42:41 216576 ----a-w- c:\windows\system32\msv1_0.dll
2014-03-31 12:42:41 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2014-03-31 11:26:48 -------- d-----w- c:\users\budzone\appdata\local\Macromedia
2014-03-31 00:04:50 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 00:04:50 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-30 21:50:47 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-03-30 21:47:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-30 21:25:19 -------- d-----w- c:\windows\Panther
2014-03-30 19:26:43 55224 ----a-w- c:\windows\system32\drivers\tStLibG.sys
2014-03-30 18:46:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-30 18:46:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2014-03-30 18:30:32 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2014-03-30 18:30:10 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2014-03-30 18:30:10 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2014-03-30 18:30:10 11776 ----a-w- c:\windows\system32\sbunattend.exe
2014-03-30 18:29:57 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-03-30 18:29:57 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-03-30 18:29:42 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2014-03-30 18:29:42 94720 ----a-w- c:\windows\system32\logagent.exe
2014-03-30 18:29:13 84480 ----a-w- c:\windows\system32\INETRES.dll
2014-03-30 18:29:13 737792 ----a-w- c:\windows\system32\inetcomm.dll
2014-03-30 18:28:55 60928 ----a-w- c:\windows\system32\msasn1.dll
2014-03-30 18:28:41 5120 ----a-w- c:\windows\system32\wmi.dll
2014-03-30 18:28:41 152576 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-30 18:28:41 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-03-30 18:28:27 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2014-03-30 18:27:55 148480 ----a-w- c:\windows\system32\iisRtl.dll
2014-03-30 18:27:54 8192 ----a-w- c:\windows\system32\iisrstap.dll
2014-03-30 18:27:54 51200 ----a-w- c:\windows\system32\admwprox.dll
2014-03-30 18:27:54 14848 ----a-w- c:\windows\system32\iisreset.exe
2014-03-30 18:27:54 10752 ----a-w- c:\windows\system32\wamregps.dll
2014-03-30 18:27:51 396800 ----a-w- c:\windows\system32\drivers\http.sys
2014-03-30 18:27:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2014-03-30 18:27:51 24064 ----a-w- c:\windows\system32\nshhttp.dll
2014-03-30 18:26:22 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-03-30 18:26:07 274432 ----a-w- c:\windows\system32\raschap.dll
2014-03-30 18:26:07 232960 ----a-w- c:\windows\system32\rastls.dll
2014-03-30 18:25:50 321536 ----a-w- c:\windows\system32\WSDApi.dll
2014-03-30 18:25:35 633856 ----a-w- c:\windows\system32\user32.dll
2014-03-30 18:25:04 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2014-03-30 18:25:04 22528 ----a-w- c:\windows\system32\msyuv.dll
2014-03-30 18:25:04 1327616 ----a-w- c:\windows\system32\quartz.dll
2014-03-30 18:25:04 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2014-03-30 18:25:03 88576 ----a-w- c:\windows\system32\avifil32.dll
2014-03-30 18:25:03 82944 ----a-w- c:\windows\system32\mciavi32.dll
2014-03-30 18:25:03 65024 ----a-w- c:\windows\system32\avicap32.dll
2014-03-30 18:25:03 31232 ----a-w- c:\windows\system32\msvidc32.dll
2014-03-30 18:25:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2014-03-30 18:25:03 123904 ----a-w- c:\windows\system32\msvfw32.dll
2014-03-30 18:24:43 750080 ----a-w- c:\windows\system32\qmgr.dll
2014-03-30 18:24:18 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2014-03-30 18:23:57 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-03-30 18:23:28 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-30 17:58:45 -------- d-----w- c:\users\budzone\appdata\local\Mozilla
2014-03-30 17:58:18 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-03-30 17:56:26 -------- d-sh--w- c:\windows\Installer
2014-03-30 17:56:21 -------- d-----w- C:\temp
2014-03-30 17:56:17 -------- d-----w- c:\program files\Level Quality Watcher
2014-03-30 17:55:40 -------- d-----w- c:\program files\PlurPush
2014-03-30 17:08:18 -------- dcsh--w- C:\Boot
.
==================== Find3M ====================
.
2014-04-05 10:24:31 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2014-03-31 22:35:41 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2014-03-31 22:31:51 5632 ----a-w- c:\windows\system32\drivers\en-us\sermouse.sys.mui
2014-03-31 22:29:55 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2014-03-31 21:04:16 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2014-03-31 21:04:16 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2014-03-31 21:04:16 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2014-03-31 21:04:15 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2014-03-31 21:04:15 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
.
============= FINISH: 9:37:21.78 ===============
:snwelcome:
You have a lot of bogus toolbars and garbage installed, lets do this
Do this first...Important
Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect
Please do not proceed until the TeaTimer is disabled
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisment.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Beadbud5000
2014-04-29, 18:37
Hi
I have the web version of Spybot. TeaTimer does not exist here.
I ran spybot scan several times. I tried the Deep Root scan too and it found nothing.
I just today loaded the Firefox update that was just released.
I will only know for sure if that fixed the problem when I reboot my computer so you will get a second note today.
Trovi.com zapped Firefox with hereto sexual ads that are annoy as I am A GAY Male!
I will know after I reboot.
Please do not close this ticket!
Thanks! Bud
Beadbud5000
2014-04-29, 18:47
Hi
The new Firefox did NOT work! I got trovi.com start page with a distorted image of Oprah Windfery on it!
So the problem is not fixed and trovi is still attached.
Please advise.
Thanks!
Bud
Hi
I have the web version of Spybot. TeaTimer does not exist here.
I ran spybot scan several times. I tried the Deep Root scan too and it found nothing.
I just today loaded the Firefox update that was just released.
I will only know for sure if that fixed the problem when I reboot my computer so you will get a second note today.
Trovi.com zapped Firefox with hereto sexual ads that are annoy as I am A GAY Male!
I will know after I reboot.
Please do not close this ticket!
Thanks! Bud
Follow the instructions I posted and run AdwCleaner, Junkware removal tool and post the logs
Beadbud5000
2014-04-30, 00:08
It worked! Thank you!
# AdwCleaner v3.205 - Report created 29/04/2014 at 16:57:29
# Updated 28/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : budzone - HOMEPC
# Running from : C:\Users\budzone\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : ca82e1a5
[#] Service Deleted : CltMngSvc
[#] Service Deleted : Level Quality Watcher
[#] Service Deleted : tStLibG
[#] Service Deleted : Update PlurPush
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\PlurPush
Folder Deleted : C:\Program Files\SearchProtect
File Deleted : C:\Windows\system32\drivers\tStLibG.sys
File Deleted : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\user.js
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\Savings Bull
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlurPush
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~2.dll
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.16386
-\\ Mozilla Firefox v29.0 (en-US)
[ File : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\prefs.js ]
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPD04EF258-F5D[...]
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B[...]
-\\ Google Chrome v34.0.1847.131
[ File : C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=58&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=
Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
*************************
AdwCleaner[R0].txt - [4079 octets] - [29/04/2014 16:56:08]
AdwCleaner[S0].txt - [3864 octets] - [29/04/2014 16:57:29]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3924 octets] ##########
Thanks again!
Bud
We have a saying around these forums that is really true... THE ABSENCE OF SYMPTOMS DOES NOT GUARANTEE A CLEAN COMPUTER. Still more to do, run the Junkware removal tool and then when you post the log I have a couple of more scans for you to run to make sure we got it all
Beadbud5000
2014-05-01, 00:42
Hi
I ran a : Junkware Removal Tool by Thisisu – Version 6.1.4. I found it on Major Geeks. I used the author download.
It ran for hours today and it tested just about everything but disappeared when it was through. I fell asleep.
Still more further problems with my PC now.
Thanks!
Bud
I'm sure the version you ran is ok, but you need to use the download links that we post for the tools we want you to run, this way we can be sure its the right one and not bogus
Still more further problems with my PC now.
This is not telling me much ?????
http://i.imgur.com/GUZVCQN.jpg Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
http://www.bleepstatic.com/fhost/uploads/2/mbam2.0.1.jpg
Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
Once installed, Malwarebytes will ask if you want to Launch Now. Please select to do so and then Malwarebytes will open and update on its own. Please allow this to complete.
If an update is found, it will download and install the latest version.
Let's be sure to run a Hyper Scan. Press the Scan tab and then select Hyper Scan.
Press Scan Now then Skip Update (since we just updated it).
When the scan is complete, click View Detailed Log, then Export to save the log to your Desktop (name the log MBAM Scan).
Copy and Paste all of the information in that file to your next reply.
Beadbud5000
2014-05-01, 14:31
I ran this twice this morning. I exported after the second scan. The first scan found 5 items I chose to quarantine. The second for one item which I also quarantined; Here is the result:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/1/2014
Scan Time: 7:19:35 AM
Logfile: malwareBrun5-1.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.01.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 217567
Time Elapsed: 4 min, 42 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[5cdf004c6d0e6acc6581b2b0a163be42]
Physical Sectors: 0
(No malicious items detected)
(end)
Hi
I ran a : Junkware Removal Tool by Thisisu – Version 6.1.4. I found it on Major Geeks. I used the author download.
It ran for hours today and it tested just about everything but disappeared when it was through. I fell asleep.
Still more further problems with my PC now.
Thanks!
Bud
I would like to see the results of the first scan you ran with Malwarebytes that removed the 5 items so I can see what was removed
Open Malwarebytes and click on the History tab, then Application Logs, select the log that had the 5 entries removed, then click on View > Copy to Clipboard and paste it in this thread please
Beadbud5000
2014-05-01, 23:20
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/1/2014
Scan Time: 7:19:35 AM
Logfile:
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.01.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 217567
Time Elapsed: 4 min, 42 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[5cdf004c6d0e6acc6581b2b0a163be42]
Physical Sectors: 0
(No malicious items detected)
(end)
I would like to see the results of the first scan you ran with Malwarebytes that removed the 5 items so I can see what was removed
Open Malwarebytes and click on the History tab, then Application Logs, select the log that had the 5 entries removed, then click on View > Copy to Clipboard and paste it in this thread please
Beadbud5000
2014-05-01, 23:27
FYI
It has quarantined 6 items now. I could not get the scan log from 6:54 to copy on to text.
I will keep trying asw time allows
Thats the same report you posted originally that showed only one entry found, I really wanted to see the one that you said found 5 items
How are things running now ?
Beadbud5000
2014-05-01, 23:45
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/1/2014
Scan Time: 4:39:14 PM
Logfile: 5-1-14.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.01.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 217855
Time Elapsed: 9 min, 24 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[f64ac785ea9170c678fbef748e76d42c]
Physical Sectors: 0
(No malicious items detected)
(end)
FYI
It has quarantined 6 items now. I could not get the scan log from 6:54 to copy on to text.
I will keep trying as time allows
Still same report
Scan Date: 5/1/2014
Scan Time: 4:39:14 PM
Logfile: 5-1-14.txt
Administrator: Yes
Beadbud5000
2014-05-02, 03:03
I tried to go in manually.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
But I have no folder called ProgramData - so I looked in Program Files\MalwareBytes\Anti-Malware and there were no log files.
Are you sure MalwareBytes is not a trick site? Every time I have my PC running, even when I am not directly online, MalwareBytes keeps finding a malicious thread without being run once, then it found another during a scan run, and then it found nothing...
Spybot is fine. My pc is quirky since I changed to Vista after 7 or 8 years of XP. I hate Vista!! I have installed some Unix systems but I really do not know how to use those yet.
Any ideas?
Thats the same report you posted originally that showed only one entry found, I really wanted to see the one that you said found 5 items
How are things running now ?
I have seen reports of a bogus Malwarebytes download, but the links I provided are safe, did you use one of them or go out on your own to find Malwarebytes
You wont find the logs in program data, just the way I posted previously
Vista was not one of the best OS to ever come down the pike, have you tried upgrading to Windows 7, its a very nice OS, here is a link to the Win 7 Upgrade Advisor to see if your system can be upgraded
http://www.microsoft.com/en-us/download/details.aspx?id=20
Run this scanner and lets see if anything else shows up
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Beadbud5000
2014-05-02, 14:51
Hi
I think I have a ghost screen in my pc. I got your malwarebytes from the reply you sent yesterday Yesterday when downloading, i noticed flash screens or "flutter". I have been slaped with many malware issue on various computers since 2004. I have been through 5 or 6 donated computers after the buiness computer I bought in 2003 fried in 2005. I'd say I have a bogus Malware Bytes.
Also, I technically am legally blind (MS related)
Here is the results for the OTL data scans and thanks for your help!
OTL by OldTimer
• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
5-2-14 result
OTL Notepad
OTL logfile created on: 5/2/2014 7:34:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.94% Memory free
4.20 Gb Paging File | 3.02 Gb Available in Paging File | 71.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.73 Gb Total Space | 197.07 Gb Free Space | 66.19% Space Free | Partition Type: NTFS
Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\budzone\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
DRV - (SDHookDriver) -- C:\Program Files\Spybot File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (es1371) -- C:\Windows\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: s3google%40translator:2.14
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/03/30 14:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Extensions
[2014/04/24 16:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions
[2014/04/24 16:51:09 | 000,178,612 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
[2014/04/03 10:02:01 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2014/04/03 09:58:26 | 000,081,138 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\s3google@translator.xpi
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/04/27 12:33:44 | 000,450,628 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15471 more lines...
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/01 07:22:00 | 000,000,000 | ---D | C] -- C:\MalWtext
[2014/05/01 06:54:34 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/01 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/05/01 06:53:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/01 06:53:55 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/30 11:18:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/29 16:56:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/04/29 16:55:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/29 06:26:57 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014/04/29 06:26:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014/04/29 06:26:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014/04/29 06:26:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014/04/29 06:26:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014/04/28 16:16:35 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2014/04/28 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\budzone\Documents\Album Covers
[2014/04/26 06:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/04/26 06:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2014/04/26 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Roaming\Real
[2014/04/26 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/26 06:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/04/24 08:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/24 08:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/04/24 08:42:47 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Google
[2014/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\ubuntu
[2014/04/12 08:14:25 | 000,000,000 | ---D | C] -- C:\mint
[2014/04/09 22:15:47 | 000,000,000 | ---D | C] -- C:\bud
[2014/04/09 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/08 12:08:13 | 000,000,000 | ---D | C] -- C:\787a51d3de09fd4ab9
[2014/04/07 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/04/07 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/04/07 20:32:44 | 000,000,000 | ---D | C] -- C:\3a0cf218a18bad4512376e
[2014/04/07 20:29:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2014/04/05 06:25:05 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/05 06:20:29 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/03 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Adobe
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/05/02 07:18:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/02 06:48:48 | 000,620,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/02 06:48:48 | 000,105,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/02 06:48:10 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 06:45:06 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/05/02 06:45:05 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/05/02 06:44:51 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/02 06:44:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 06:42:01 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 06:42:01 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 06:41:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/01 22:37:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/01 11:51:35 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/05/01 06:53:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/30 17:26:35 | 000,002,595 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Word.lnk
[2014/04/30 15:37:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/30 15:37:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/29 11:19:29 | 000,000,870 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/29 11:19:21 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/28 06:57:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/27 12:33:44 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/04/27 11:31:53 | 000,003,584 | ---- | M] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:24 | 201,952,749 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/26 07:35:12 | 000,034,612 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/24 08:47:58 | 000,001,995 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/22 21:56:45 | 023,936,943 | ---- | M] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup
[2014/04/16 22:04:46 | 000,029,755 | ---- | M] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/15 08:49:10 | 000,002,593 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Excel.lnk
[2014/04/13 13:59:24 | 000,197,915 | ---- | M] () -- C:\wubildr
[2014/04/13 13:59:24 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2014/04/09 14:30:23 | 000,000,618 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/09 14:30:23 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup
[2014/04/08 11:06:00 | 000,042,187 | ---- | M] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup
[2014/04/05 06:30:47 | 000,368,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/05 06:25:05 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2014/04/05 06:24:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/05 06:20:30 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/04 19:10:12 | 031,195,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2014/04/04 19:10:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2014/04/04 19:10:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup
[2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/05/01 06:53:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/29 08:59:28 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/04/29 06:26:56 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2014/04/27 11:31:51 | 000,003,584 | ---- | C] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:05 | 201,952,749 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/24 08:44:13 | 000,001,995 | ---- | C] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/24 08:44:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/24 08:43:00 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/24 08:42:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/22 21:53:03 | 023,936,943 | ---- | C] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/16 22:04:46 | 000,029,755 | ---- | C] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/12 08:19:45 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2014/04/12 08:19:43 | 000,197,915 | ---- | C] () -- C:\wubildr
[2014/04/10 10:14:21 | 000,001,273 | ---- | C] () -- C:\Users\budzone\Authorization.xml
[2014/04/08 11:06:00 | 000,042,187 | ---- | C] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/08 09:25:34 | 000,024,459 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Straprevised.rtf
[2014/04/08 09:25:34 | 000,024,056 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap.rtf
[2014/04/08 09:25:34 | 000,019,927 | ---- | C] () -- C:\Users\budzone\Documents\The Minister wrath.rtf
[2014/04/08 09:25:34 | 000,017,840 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap-.rtf
[2014/04/08 09:25:34 | 000,013,711 | ---- | C] () -- C:\Users\budzone\Documents\Triangular Foundations.rtf
[2014/04/08 09:25:34 | 000,010,245 | ---- | C] () -- C:\Users\budzone\Documents\TheJoeKirksonP3.rtf
[2014/04/08 09:25:34 | 000,008,827 | ---- | C] () -- C:\Users\budzone\Documents\Trevor is waiting.rtf
[2014/04/08 09:25:34 | 000,004,989 | ---- | C] () -- C:\Users\budzone\Documents\troubledlines.rtf
[2014/04/08 09:25:33 | 000,096,776 | ---- | C] () -- C:\Users\budzone\Documents\teachers.rtf
[2014/04/08 09:25:33 | 000,045,431 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop2.rtf
[2014/04/08 09:25:33 | 000,039,551 | ---- | C] () -- C:\Users\budzone\Documents\the joe kirkson meetings.rtf
[2014/04/08 09:25:33 | 000,037,466 | ---- | C] () -- C:\Users\budzone\Documents\The Boss--.rtf
[2014/04/08 09:25:33 | 000,031,779 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop.rtf
[2014/04/08 09:25:33 | 000,031,317 | ---- | C] () -- C:\Users\budzone\Documents\The Bar-.rtf
[2014/04/08 09:25:33 | 000,018,892 | ---- | C] () -- C:\Users\budzone\Documents\teachers-.rtf
[2014/04/08 09:25:33 | 000,009,388 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop 2final.rtf
[2014/04/08 09:25:33 | 000,007,066 | ---- | C] () -- C:\Users\budzone\Documents\The Bar.rtf
[2014/04/08 09:25:33 | 000,006,820 | ---- | C] () -- C:\Users\budzone\Documents\The Blond Man with the Gold Band Wristwatch.rtf
[2014/04/08 09:25:32 | 000,037,948 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments P1.rtf
[2014/04/08 09:25:32 | 000,018,889 | ---- | C] () -- C:\Users\budzone\Documents\Summer revisedfinal2-10.rtf
[2014/04/08 09:25:32 | 000,012,982 | ---- | C] () -- C:\Users\budzone\Documents\spatula.rtf
[2014/04/08 09:25:32 | 000,009,453 | ---- | C] () -- C:\Users\budzone\Documents\SD Belt Fantasy.rtf
[2014/04/08 09:25:32 | 000,008,344 | ---- | C] () -- C:\Users\budzone\Documents\SouthernCharm.rtf
[2014/04/08 09:25:32 | 000,005,939 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments Part 2.rtf
[2014/04/08 09:25:32 | 000,004,298 | ---- | C] () -- C:\Users\budzone\Documents\Small Ornamental Mask.rtf
[2014/04/08 09:25:32 | 000,000,393 | ---- | C] () -- C:\Users\budzone\Documents\spankingad.rtf
[2014/04/08 09:25:31 | 000,026,001 | ---- | C] () -- C:\Users\budzone\Documents\nedP2.rtf
[2014/04/08 09:25:31 | 000,011,847 | ---- | C] () -- C:\Users\budzone\Documents\mohammed.rtf
[2014/04/08 09:25:30 | 000,035,182 | ---- | C] () -- C:\Users\budzone\Documents\joekirksonp3.rtf
[2014/04/08 09:25:30 | 000,017,527 | ---- | C] () -- C:\Users\budzone\Documents\Lew.rtf
[2014/04/08 09:25:30 | 000,004,256 | ---- | C] () -- C:\Users\budzone\Documents\Jk alt.rtf
[2014/04/08 09:25:29 | 000,033,139 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson2012.rtf
[2014/04/08 09:25:29 | 000,032,544 | ---- | C] () -- C:\Users\budzone\Documents\Into Old Cars revised.rtf
[2014/04/08 09:25:29 | 000,025,487 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson Meetings.rtf
[2014/04/08 09:25:29 | 000,005,213 | ---- | C] () -- C:\Users\budzone\Documents\Fertility Mask.rtf
[2014/04/08 09:25:29 | 000,004,146 | ---- | C] () -- C:\Users\budzone\Documents\It happened slowly over a relatively brief amount of time.rtf
[2014/04/08 09:25:28 | 000,031,014 | ---- | C] () -- C:\Users\budzone\Documents\Father.rtf
[2014/04/08 09:25:28 | 000,030,895 | ---- | C] () -- C:\Users\budzone\Documents\DadSexLesf.rtf
[2014/04/08 09:25:28 | 000,023,257 | ---- | C] () -- C:\Users\budzone\Documents\Father2.rtf
[2014/04/08 09:25:28 | 000,022,699 | ---- | C] () -- C:\Users\budzone\Documents\Father-.rtf
[2014/04/08 09:25:28 | 000,021,271 | ---- | C] () -- C:\Users\budzone\Documents\Curt2.rtf
[2014/04/08 09:25:28 | 000,019,967 | ---- | C] () -- C:\Users\budzone\Documents\dad sex lesson 3-22-13.rtf
[2014/04/08 09:25:28 | 000,019,131 | ---- | C] () -- C:\Users\budzone\Documents\dadsexlessonrevised.rtf
[2014/04/08 09:25:28 | 000,019,061 | ---- | C] () -- C:\Users\budzone\Documents\Father Part II1.rtf
[2014/04/08 09:25:28 | 000,016,899 | ---- | C] () -- C:\Users\budzone\Documents\Curt.rtf
[2014/04/08 09:25:28 | 000,010,478 | ---- | C] () -- C:\Users\budzone\Documents\ebaytemp.rtf
[2014/04/08 09:25:28 | 000,008,874 | ---- | C] () -- C:\Users\budzone\Documents\delZip179.rtf
[2014/04/08 09:25:25 | 000,016,385 | ---- | C] () -- C:\Users\budzone\Documents\Camping-.rtf
[2014/04/08 09:25:25 | 000,015,593 | ---- | C] () -- C:\Users\budzone\Documents\Campingrev.rtf
[2014/04/08 09:25:25 | 000,014,752 | ---- | C] () -- C:\Users\budzone\Documents\Camping.rtf
[2014/04/08 09:25:25 | 000,004,028 | ---- | C] () -- C:\Users\budzone\Documents\Compote Frosted Pink Fostoria.rtf
[2014/04/08 09:25:24 | 000,049,664 | ---- | C] () -- C:\Users\budzone\Documents\Business cards.pub
[2014/04/08 09:25:24 | 000,044,491 | ---- | C] () -- C:\Users\budzone\Documents\Bondingrevised.rtf
[2014/04/08 09:25:24 | 000,026,164 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMe.rtf
[2014/04/08 09:25:24 | 000,024,765 | ---- | C] () -- C:\Users\budzone\Documents\calbertandmepart2.rtf
[2014/04/08 09:25:24 | 000,022,485 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMeP2.rtf
[2014/04/08 09:25:24 | 000,021,159 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise2-4-13.rtf
[2014/04/08 09:25:24 | 000,019,427 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise.rtf
[2014/04/08 09:25:24 | 000,018,111 | ---- | C] () -- C:\Users\budzone\Documents\CalAlan.rtf
[2014/04/08 09:25:24 | 000,013,015 | ---- | C] () -- C:\Users\budzone\Documents\Blond Boys in the Theatrefinal.rtf
[2014/04/08 09:25:24 | 000,010,919 | ---- | C] () -- C:\Users\budzone\Documents\Backup of The Bar-.wbk
[2014/04/08 09:25:23 | 000,055,959 | ---- | C] () -- C:\Users\budzone\Documents\A Fake.rtf
[2014/04/08 09:25:23 | 000,037,433 | ---- | C] () -- C:\Users\budzone\Documents\A Salacious Affair.rtf
[2014/04/08 09:25:23 | 000,022,124 | ---- | C] () -- C:\Users\budzone\Documents\Agreements (Part 2).rtf
[2014/04/08 09:25:23 | 000,019,745 | ---- | C] () -- C:\Users\budzone\Documents\A Time For Passion.rtf
[2014/04/08 09:25:23 | 000,018,166 | ---- | C] () -- C:\Users\budzone\Documents\AlanRobert.rtf
[2014/04/08 09:25:23 | 000,015,959 | ---- | C] () -- C:\Users\budzone\Documents\AdiffMattdaly.rtf
[2014/04/08 09:25:23 | 000,014,448 | ---- | C] () -- C:\Users\budzone\Documents\Agreementsp1.rtf
[2014/04/08 09:25:23 | 000,006,409 | ---- | C] () -- C:\Users\budzone\Documents\21st century Poem.rtf
[2014/04/08 09:25:23 | 000,005,561 | ---- | C] () -- C:\Users\budzone\Documents\21st Century Salutations.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$Time For Passion.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$reements (Part 2).rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$mes Kirkson2012.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$e Leather Shop2.rtf
[2014/04/08 09:25:22 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$A Fake.rtf
[2014/04/07 20:37:54 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2014/04/07 20:37:51 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2014/03/31 14:21:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/03/30 18:26:49 | 000,034,612 | ---- | C] () -- C:\Windows\wininit.ini
========== ZeroAccess Check ==========
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/31 18:41:32 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/04/05 06:25:05 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/03/31 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\budzone\AppData\Roaming\DriverFinder
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
Extras Notepad
OTL Extras logfile created on: 5/2/2014 7:34:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.94% Memory free
4.20 Gb Paging File | 3.02 Gb Available in Paging File | 71.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.73 Gb Total Space | 197.07 Gb Free Space | 66.19% Space Free | Partition Type: NTFS
Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{398CC83A-9771-44AB-B689-656418DCE800}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |
"UDP Query User{D270D848-44E9-4FE5-AD5D-C9BA3A47DF88}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mint4win" = Linux_Mint_Main
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"Wubi" = Ubuntu
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/30/2014 3:56:15 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x10d20, application
start time 0x01cf64ae3bd3c7a4.
Error - 4/30/2014 3:56:52 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x11bb0, application
start time 0x01cf64ae411b4e4e.
Error - 4/30/2014 4:08:57 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x12a08, application
start time 0x01cf64ae57d92e26.
Error - 4/30/2014 4:20:52 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x12ec4, application
start time 0x01cf64b00812ef7e.
Error - 4/30/2014 5:19:58 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application SDWelcome.exe, version 2.2.21.129, time stamp
0x51dd1105, faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034,
exception code 0xc0000005, fault offset 0x0004fcac, process id 0x25bc, application
start time 0x01cf64b9f0288f0e.
Error - 4/30/2014 5:23:20 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 5/1/2014 6:26:40 AM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 5/1/2014 6:50:56 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 5/1/2014 8:44:30 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 5/2/2014 6:42:59 AM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
[ System Events ]
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
< End of report >
Bud, sorry for your health issues, myself I lost my hearing about 20 years ago and have Cochlear Implants
The problem your having is because your hosts file is infected, after you run this fix post the log from the fix, then go open Internet Explorer and change your start page to anyone you like, then run a new scan with OTL and post the new log, you wont get an extras log on the second run so dont knock yourself out looking for it. Your copy of Malwarebytes is legit by the way
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
[2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup
[2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup
[2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup
[2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup
[2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then run a new scan with OTL and post the new log please
Beadbud5000
2014-05-02, 16:50
It was very fast! It gave me the OTL txt file below
All processes killed
========== OTL ==========
HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\budzone\Downloads\cmd.bat deleted successfully.
C:\Users\budzone\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: budzone
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: budzone
->Temp folder emptied: 2296684 bytes
->Temporary Internet Files folder emptied: 188857 bytes
->FireFox cache emptied: 371653716 bytes
->Google Chrome cache emptied: 381710367 bytes
->Flash cache emptied: 7621 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169769 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 721.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05022014_094049
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Bud, sorry for your health issues, myself I lost my hearing about 20 years ago and have Cochlear Implants
The problem your having is because your hosts file is infected, after you run this fix post the log from the fix, then go open Internet Explorer and change your start page to anyone you like, then run a new scan with OTL and post the new log, you wont get an extras log on the second run so dont knock yourself out looking for it. Your copy of Malwarebytes is legit by the way
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
[2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup
[2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup
[2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup
[2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup
[2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then run a new scan with OTL and post the new log please
Bud, no need to quote what I post, its just taking up valuable room on the forum.
Change your homepage with IE and then run a new scan with OTL and lets see where we stand
Beadbud5000
2014-05-02, 17:03
OTL logfile created on: 5/2/2014 9:55:57 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.50% Memory free
4.20 Gb Paging File | 3.21 Gb Available in Paging File | 76.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.73 Gb Total Space | 198.21 Gb Free Space | 66.57% Space Free | Partition Type: NTFS
Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\budzone\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
DRV - (SDHookDriver) -- C:\Program Files\Spybot File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (es1371) -- C:\Windows\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: s3google%40translator:2.14
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/03/30 14:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Extensions
[2014/04/24 16:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions
[2014/04/24 16:51:09 | 000,178,612 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
[2014/04/03 10:02:01 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2014/04/03 09:58:26 | 000,081,138 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\s3google@translator.xpi
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/05/02 09:40:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/02 09:40:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/01 07:22:00 | 000,000,000 | ---D | C] -- C:\MalWtext
[2014/05/01 06:54:34 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/01 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/05/01 06:53:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/01 06:53:55 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/30 11:18:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/29 16:56:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/04/29 16:55:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/29 06:26:57 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014/04/29 06:26:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014/04/29 06:26:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014/04/29 06:26:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014/04/29 06:26:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014/04/28 16:16:35 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2014/04/28 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\budzone\Documents\Album Covers
[2014/04/26 06:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/04/26 06:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2014/04/26 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Roaming\Real
[2014/04/26 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/26 06:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/04/24 08:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/24 08:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/04/24 08:42:47 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Google
[2014/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\ubuntu
[2014/04/12 08:14:25 | 000,000,000 | ---D | C] -- C:\mint
[2014/04/09 22:15:47 | 000,000,000 | ---D | C] -- C:\bud
[2014/04/09 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/08 12:08:13 | 000,000,000 | ---D | C] -- C:\787a51d3de09fd4ab9
[2014/04/07 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/04/07 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/04/07 20:32:44 | 000,000,000 | ---D | C] -- C:\3a0cf218a18bad4512376e
[2014/04/07 20:29:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2014/04/05 06:25:05 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/05 06:20:29 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/03 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Adobe
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/05/02 09:51:22 | 000,620,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/02 09:51:21 | 000,105,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/02 09:48:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 09:46:30 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/05/02 09:46:30 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/02 09:46:29 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/05/02 09:46:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/02 09:45:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 09:43:53 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 09:43:53 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 09:43:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/02 09:40:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/05/02 09:37:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/01 11:51:35 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/05/01 06:53:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/30 17:26:35 | 000,002,595 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Word.lnk
[2014/04/30 15:37:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/30 15:37:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/29 11:19:29 | 000,000,870 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/29 11:19:21 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/28 06:57:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/27 11:31:53 | 000,003,584 | ---- | M] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:24 | 201,952,749 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/26 07:35:12 | 000,034,612 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/24 08:47:58 | 000,001,995 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/22 21:56:45 | 023,936,943 | ---- | M] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/16 22:04:46 | 000,029,755 | ---- | M] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/15 08:49:10 | 000,002,593 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Excel.lnk
[2014/04/13 13:59:24 | 000,197,915 | ---- | M] () -- C:\wubildr
[2014/04/13 13:59:24 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2014/04/09 14:30:23 | 000,000,618 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/09 14:30:23 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/08 11:06:00 | 000,042,187 | ---- | M] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/05 06:30:47 | 000,368,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/05 06:25:05 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2014/04/05 06:24:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/05 06:20:30 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/04 19:10:12 | 031,195,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2014/04/04 19:10:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2014/04/04 19:10:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/05/01 06:53:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/29 08:59:28 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/04/29 06:26:56 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2014/04/27 11:31:51 | 000,003,584 | ---- | C] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:05 | 201,952,749 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/24 08:44:13 | 000,001,995 | ---- | C] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/24 08:44:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/24 08:43:00 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/24 08:42:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/22 21:53:03 | 023,936,943 | ---- | C] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/16 22:04:46 | 000,029,755 | ---- | C] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/12 08:19:45 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2014/04/12 08:19:43 | 000,197,915 | ---- | C] () -- C:\wubildr
[2014/04/10 10:14:21 | 000,001,273 | ---- | C] () -- C:\Users\budzone\Authorization.xml
[2014/04/08 11:06:00 | 000,042,187 | ---- | C] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/08 09:25:34 | 000,024,459 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Straprevised.rtf
[2014/04/08 09:25:34 | 000,024,056 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap.rtf
[2014/04/08 09:25:34 | 000,019,927 | ---- | C] () -- C:\Users\budzone\Documents\The Minister wrath.rtf
[2014/04/08 09:25:34 | 000,017,840 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap-.rtf
[2014/04/08 09:25:34 | 000,013,711 | ---- | C] () -- C:\Users\budzone\Documents\Triangular Foundations.rtf
[2014/04/08 09:25:34 | 000,010,245 | ---- | C] () -- C:\Users\budzone\Documents\TheJoeKirksonP3.rtf
[2014/04/08 09:25:34 | 000,008,827 | ---- | C] () -- C:\Users\budzone\Documents\Trevor is waiting.rtf
[2014/04/08 09:25:34 | 000,004,989 | ---- | C] () -- C:\Users\budzone\Documents\troubledlines.rtf
[2014/04/08 09:25:33 | 000,096,776 | ---- | C] () -- C:\Users\budzone\Documents\teachers.rtf
[2014/04/08 09:25:33 | 000,045,431 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop2.rtf
[2014/04/08 09:25:33 | 000,039,551 | ---- | C] () -- C:\Users\budzone\Documents\the joe kirkson meetings.rtf
[2014/04/08 09:25:33 | 000,037,466 | ---- | C] () -- C:\Users\budzone\Documents\The Boss--.rtf
[2014/04/08 09:25:33 | 000,031,779 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop.rtf
[2014/04/08 09:25:33 | 000,031,317 | ---- | C] () -- C:\Users\budzone\Documents\The Bar-.rtf
[2014/04/08 09:25:33 | 000,018,892 | ---- | C] () -- C:\Users\budzone\Documents\teachers-.rtf
[2014/04/08 09:25:33 | 000,009,388 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop 2final.rtf
[2014/04/08 09:25:33 | 000,007,066 | ---- | C] () -- C:\Users\budzone\Documents\The Bar.rtf
[2014/04/08 09:25:33 | 000,006,820 | ---- | C] () -- C:\Users\budzone\Documents\The Blond Man with the Gold Band Wristwatch.rtf
[2014/04/08 09:25:32 | 000,037,948 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments P1.rtf
[2014/04/08 09:25:32 | 000,018,889 | ---- | C] () -- C:\Users\budzone\Documents\Summer revisedfinal2-10.rtf
[2014/04/08 09:25:32 | 000,012,982 | ---- | C] () -- C:\Users\budzone\Documents\spatula.rtf
[2014/04/08 09:25:32 | 000,009,453 | ---- | C] () -- C:\Users\budzone\Documents\SD Belt Fantasy.rtf
[2014/04/08 09:25:32 | 000,008,344 | ---- | C] () -- C:\Users\budzone\Documents\SouthernCharm.rtf
[2014/04/08 09:25:32 | 000,005,939 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments Part 2.rtf
[2014/04/08 09:25:32 | 000,004,298 | ---- | C] () -- C:\Users\budzone\Documents\Small Ornamental Mask.rtf
[2014/04/08 09:25:32 | 000,000,393 | ---- | C] () -- C:\Users\budzone\Documents\spankingad.rtf
[2014/04/08 09:25:31 | 000,026,001 | ---- | C] () -- C:\Users\budzone\Documents\nedP2.rtf
[2014/04/08 09:25:31 | 000,011,847 | ---- | C] () -- C:\Users\budzone\Documents\mohammed.rtf
[2014/04/08 09:25:30 | 000,035,182 | ---- | C] () -- C:\Users\budzone\Documents\joekirksonp3.rtf
[2014/04/08 09:25:30 | 000,017,527 | ---- | C] () -- C:\Users\budzone\Documents\Lew.rtf
[2014/04/08 09:25:30 | 000,004,256 | ---- | C] () -- C:\Users\budzone\Documents\Jk alt.rtf
[2014/04/08 09:25:29 | 000,033,139 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson2012.rtf
[2014/04/08 09:25:29 | 000,032,544 | ---- | C] () -- C:\Users\budzone\Documents\Into Old Cars revised.rtf
[2014/04/08 09:25:29 | 000,025,487 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson Meetings.rtf
[2014/04/08 09:25:29 | 000,005,213 | ---- | C] () -- C:\Users\budzone\Documents\Fertility Mask.rtf
[2014/04/08 09:25:29 | 000,004,146 | ---- | C] () -- C:\Users\budzone\Documents\It happened slowly over a relatively brief amount of time.rtf
[2014/04/08 09:25:28 | 000,031,014 | ---- | C] () -- C:\Users\budzone\Documents\Father.rtf
[2014/04/08 09:25:28 | 000,030,895 | ---- | C] () -- C:\Users\budzone\Documents\DadSexLesf.rtf
[2014/04/08 09:25:28 | 000,023,257 | ---- | C] () -- C:\Users\budzone\Documents\Father2.rtf
[2014/04/08 09:25:28 | 000,022,699 | ---- | C] () -- C:\Users\budzone\Documents\Father-.rtf
[2014/04/08 09:25:28 | 000,021,271 | ---- | C] () -- C:\Users\budzone\Documents\Curt2.rtf
[2014/04/08 09:25:28 | 000,019,967 | ---- | C] () -- C:\Users\budzone\Documents\dad sex lesson 3-22-13.rtf
[2014/04/08 09:25:28 | 000,019,131 | ---- | C] () -- C:\Users\budzone\Documents\dadsexlessonrevised.rtf
[2014/04/08 09:25:28 | 000,019,061 | ---- | C] () -- C:\Users\budzone\Documents\Father Part II1.rtf
[2014/04/08 09:25:28 | 000,016,899 | ---- | C] () -- C:\Users\budzone\Documents\Curt.rtf
[2014/04/08 09:25:28 | 000,010,478 | ---- | C] () -- C:\Users\budzone\Documents\ebaytemp.rtf
[2014/04/08 09:25:28 | 000,008,874 | ---- | C] () -- C:\Users\budzone\Documents\delZip179.rtf
[2014/04/08 09:25:25 | 000,016,385 | ---- | C] () -- C:\Users\budzone\Documents\Camping-.rtf
[2014/04/08 09:25:25 | 000,015,593 | ---- | C] () -- C:\Users\budzone\Documents\Campingrev.rtf
[2014/04/08 09:25:25 | 000,014,752 | ---- | C] () -- C:\Users\budzone\Documents\Camping.rtf
[2014/04/08 09:25:25 | 000,004,028 | ---- | C] () -- C:\Users\budzone\Documents\Compote Frosted Pink Fostoria.rtf
[2014/04/08 09:25:24 | 000,049,664 | ---- | C] () -- C:\Users\budzone\Documents\Business cards.pub
[2014/04/08 09:25:24 | 000,044,491 | ---- | C] () -- C:\Users\budzone\Documents\Bondingrevised.rtf
[2014/04/08 09:25:24 | 000,026,164 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMe.rtf
[2014/04/08 09:25:24 | 000,024,765 | ---- | C] () -- C:\Users\budzone\Documents\calbertandmepart2.rtf
[2014/04/08 09:25:24 | 000,022,485 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMeP2.rtf
[2014/04/08 09:25:24 | 000,021,159 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise2-4-13.rtf
[2014/04/08 09:25:24 | 000,019,427 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise.rtf
[2014/04/08 09:25:24 | 000,018,111 | ---- | C] () -- C:\Users\budzone\Documents\CalAlan.rtf
[2014/04/08 09:25:24 | 000,013,015 | ---- | C] () -- C:\Users\budzone\Documents\Blond Boys in the Theatrefinal.rtf
[2014/04/08 09:25:24 | 000,010,919 | ---- | C] () -- C:\Users\budzone\Documents\Backup of The Bar-.wbk
[2014/04/08 09:25:23 | 000,055,959 | ---- | C] () -- C:\Users\budzone\Documents\A Fake.rtf
[2014/04/08 09:25:23 | 000,037,433 | ---- | C] () -- C:\Users\budzone\Documents\A Salacious Affair.rtf
[2014/04/08 09:25:23 | 000,022,124 | ---- | C] () -- C:\Users\budzone\Documents\Agreements (Part 2).rtf
[2014/04/08 09:25:23 | 000,019,745 | ---- | C] () -- C:\Users\budzone\Documents\A Time For Passion.rtf
[2014/04/08 09:25:23 | 000,018,166 | ---- | C] () -- C:\Users\budzone\Documents\AlanRobert.rtf
[2014/04/08 09:25:23 | 000,015,959 | ---- | C] () -- C:\Users\budzone\Documents\AdiffMattdaly.rtf
[2014/04/08 09:25:23 | 000,014,448 | ---- | C] () -- C:\Users\budzone\Documents\Agreementsp1.rtf
[2014/04/08 09:25:23 | 000,006,409 | ---- | C] () -- C:\Users\budzone\Documents\21st century Poem.rtf
[2014/04/08 09:25:23 | 000,005,561 | ---- | C] () -- C:\Users\budzone\Documents\21st Century Salutations.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$Time For Passion.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$reements (Part 2).rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$mes Kirkson2012.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$e Leather Shop2.rtf
[2014/04/08 09:25:22 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$A Fake.rtf
[2014/04/07 20:37:54 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2014/04/07 20:37:51 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2014/03/31 14:21:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/03/30 18:26:49 | 000,034,612 | ---- | C] () -- C:\Windows\wininit.ini
========== ZeroAccess Check ==========
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/31 18:41:32 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/04/05 06:25:05 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/03/31 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\budzone\AppData\Roaming\DriverFinder
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
Beadbud5000
2014-05-02, 17:26
I did another scan changing from Minimal to Standard scan mode.
OTL logfile created on: 5/2/2014 10:18:27 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.33% Memory free
4.20 Gb Paging File | 3.17 Gb Available in Paging File | 75.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.73 Gb Total Space | 198.20 Gb Free Space | 66.57% Space Free | Partition Type: NTFS
Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/05/02 09:55:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\budzone\Downloads\OTL(2).exe
PRC - [2014/04/24 08:42:53 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/31 18:52:59 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2014/03/31 18:38:28 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2014/04/30 15:37:31 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/09 18:59:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/31 18:52:59 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/30 14:27:52 | 000,322,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - File not found [Kernel | System | Running] -- C:\Program Files\Spybot -- (SDHookDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/05/02 09:46:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/12 12:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/15 05:17:40 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007/11/21 21:15:44 | 000,037,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\es1371mp.sys -- (es1371)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: s3google%40translator:2.14
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2014/04/07 07:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/03/30 14:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Extensions
[2014/04/24 16:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions
[2014/04/24 16:51:09 | 000,178,612 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
[2014/04/03 10:02:01 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2014/04/03 09:58:26 | 000,081,138 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\s3google@translator.xpi
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/05/02 09:40:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/02 09:40:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/01 07:22:00 | 000,000,000 | ---D | C] -- C:\MalWtext
[2014/05/01 06:54:34 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/01 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/05/01 06:53:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/01 06:53:55 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/30 11:18:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/29 16:56:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/04/29 16:55:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/29 06:26:57 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014/04/29 06:26:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014/04/29 06:26:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014/04/29 06:26:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014/04/29 06:26:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014/04/28 16:16:35 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2014/04/28 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\budzone\Documents\Album Covers
[2014/04/26 06:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/04/26 06:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2014/04/26 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Roaming\Real
[2014/04/26 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/26 06:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/04/24 08:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/24 08:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/04/24 08:42:47 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Google
[2014/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\ubuntu
[2014/04/12 08:14:25 | 000,000,000 | ---D | C] -- C:\mint
[2014/04/09 22:15:47 | 000,000,000 | ---D | C] -- C:\bud
[2014/04/09 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/08 12:08:13 | 000,000,000 | ---D | C] -- C:\787a51d3de09fd4ab9
[2014/04/07 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/04/07 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/04/07 20:32:44 | 000,000,000 | ---D | C] -- C:\3a0cf218a18bad4512376e
[2014/04/07 20:29:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2014/04/05 06:25:05 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/05 06:20:29 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/03 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Adobe
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/05/02 09:51:22 | 000,620,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/02 09:51:21 | 000,105,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/02 09:48:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 09:46:30 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/05/02 09:46:30 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/02 09:46:29 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/05/02 09:46:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/02 09:45:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 09:43:53 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 09:43:53 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 09:43:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/02 09:40:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/05/02 09:37:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/01 11:51:35 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/05/01 06:53:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/30 17:26:35 | 000,002,595 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Word.lnk
[2014/04/30 15:37:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/30 15:37:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/29 11:19:29 | 000,000,870 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/29 11:19:21 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/28 06:57:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/27 11:31:53 | 000,003,584 | ---- | M] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:24 | 201,952,749 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/26 07:35:12 | 000,034,612 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/24 08:47:58 | 000,001,995 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/22 21:56:45 | 023,936,943 | ---- | M] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/16 22:04:46 | 000,029,755 | ---- | M] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/15 08:49:10 | 000,002,593 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Excel.lnk
[2014/04/13 13:59:24 | 000,197,915 | ---- | M] () -- C:\wubildr
[2014/04/13 13:59:24 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2014/04/09 14:30:23 | 000,000,618 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/09 14:30:23 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/08 11:06:00 | 000,042,187 | ---- | M] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/05 06:30:47 | 000,368,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/05 06:25:05 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2014/04/05 06:24:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/05 06:20:30 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/04 19:10:12 | 031,195,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2014/04/04 19:10:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2014/04/04 19:10:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/05/01 06:53:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/29 08:59:28 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/04/29 06:26:56 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2014/04/27 11:31:51 | 000,003,584 | ---- | C] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:05 | 201,952,749 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/24 08:44:13 | 000,001,995 | ---- | C] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/24 08:44:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/24 08:43:00 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/24 08:42:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/22 21:53:03 | 023,936,943 | ---- | C] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/16 22:04:46 | 000,029,755 | ---- | C] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/12 08:19:45 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2014/04/12 08:19:43 | 000,197,915 | ---- | C] () -- C:\wubildr
[2014/04/10 10:14:21 | 000,001,273 | ---- | C] () -- C:\Users\budzone\Authorization.xml
[2014/04/08 11:06:00 | 000,042,187 | ---- | C] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/08 09:25:34 | 000,024,459 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Straprevised.rtf
[2014/04/08 09:25:34 | 000,024,056 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap.rtf
[2014/04/08 09:25:34 | 000,019,927 | ---- | C] () -- C:\Users\budzone\Documents\The Minister wrath.rtf
[2014/04/08 09:25:34 | 000,017,840 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap-.rtf
[2014/04/08 09:25:34 | 000,013,711 | ---- | C] () -- C:\Users\budzone\Documents\Triangular Foundations.rtf
[2014/04/08 09:25:34 | 000,010,245 | ---- | C] () -- C:\Users\budzone\Documents\TheJoeKirksonP3.rtf
[2014/04/08 09:25:34 | 000,008,827 | ---- | C] () -- C:\Users\budzone\Documents\Trevor is waiting.rtf
[2014/04/08 09:25:34 | 000,004,989 | ---- | C] () -- C:\Users\budzone\Documents\troubledlines.rtf
[2014/04/08 09:25:33 | 000,096,776 | ---- | C] () -- C:\Users\budzone\Documents\teachers.rtf
[2014/04/08 09:25:33 | 000,045,431 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop2.rtf
[2014/04/08 09:25:33 | 000,039,551 | ---- | C] () -- C:\Users\budzone\Documents\the joe kirkson meetings.rtf
[2014/04/08 09:25:33 | 000,037,466 | ---- | C] () -- C:\Users\budzone\Documents\The Boss--.rtf
[2014/04/08 09:25:33 | 000,031,779 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop.rtf
[2014/04/08 09:25:33 | 000,031,317 | ---- | C] () -- C:\Users\budzone\Documents\The Bar-.rtf
[2014/04/08 09:25:33 | 000,018,892 | ---- | C] () -- C:\Users\budzone\Documents\teachers-.rtf
[2014/04/08 09:25:33 | 000,009,388 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop 2final.rtf
[2014/04/08 09:25:33 | 000,007,066 | ---- | C] () -- C:\Users\budzone\Documents\The Bar.rtf
[2014/04/08 09:25:33 | 000,006,820 | ---- | C] () -- C:\Users\budzone\Documents\The Blond Man with the Gold Band Wristwatch.rtf
[2014/04/08 09:25:32 | 000,037,948 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments P1.rtf
[2014/04/08 09:25:32 | 000,018,889 | ---- | C] () -- C:\Users\budzone\Documents\Summer revisedfinal2-10.rtf
[2014/04/08 09:25:32 | 000,012,982 | ---- | C] () -- C:\Users\budzone\Documents\spatula.rtf
[2014/04/08 09:25:32 | 000,009,453 | ---- | C] () -- C:\Users\budzone\Documents\SD Belt Fantasy.rtf
[2014/04/08 09:25:32 | 000,008,344 | ---- | C] () -- C:\Users\budzone\Documents\SouthernCharm.rtf
[2014/04/08 09:25:32 | 000,005,939 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments Part 2.rtf
[2014/04/08 09:25:32 | 000,004,298 | ---- | C] () -- C:\Users\budzone\Documents\Small Ornamental Mask.rtf
[2014/04/08 09:25:32 | 000,000,393 | ---- | C] () -- C:\Users\budzone\Documents\spankingad.rtf
[2014/04/08 09:25:31 | 000,026,001 | ---- | C] () -- C:\Users\budzone\Documents\nedP2.rtf
[2014/04/08 09:25:31 | 000,011,847 | ---- | C] () -- C:\Users\budzone\Documents\mohammed.rtf
[2014/04/08 09:25:30 | 000,035,182 | ---- | C] () -- C:\Users\budzone\Documents\joekirksonp3.rtf
[2014/04/08 09:25:30 | 000,017,527 | ---- | C] () -- C:\Users\budzone\Documents\Lew.rtf
[2014/04/08 09:25:30 | 000,004,256 | ---- | C] () -- C:\Users\budzone\Documents\Jk alt.rtf
[2014/04/08 09:25:29 | 000,033,139 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson2012.rtf
[2014/04/08 09:25:29 | 000,032,544 | ---- | C] () -- C:\Users\budzone\Documents\Into Old Cars revised.rtf
[2014/04/08 09:25:29 | 000,025,487 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson Meetings.rtf
[2014/04/08 09:25:29 | 000,005,213 | ---- | C] () -- C:\Users\budzone\Documents\Fertility Mask.rtf
[2014/04/08 09:25:29 | 000,004,146 | ---- | C] () -- C:\Users\budzone\Documents\It happened slowly over a relatively brief amount of time.rtf
[2014/04/08 09:25:28 | 000,031,014 | ---- | C] () -- C:\Users\budzone\Documents\Father.rtf
[2014/04/08 09:25:28 | 000,030,895 | ---- | C] () -- C:\Users\budzone\Documents\DadSexLesf.rtf
[2014/04/08 09:25:28 | 000,023,257 | ---- | C] () -- C:\Users\budzone\Documents\Father2.rtf
[2014/04/08 09:25:28 | 000,022,699 | ---- | C] () -- C:\Users\budzone\Documents\Father-.rtf
[2014/04/08 09:25:28 | 000,021,271 | ---- | C] () -- C:\Users\budzone\Documents\Curt2.rtf
[2014/04/08 09:25:28 | 000,019,967 | ---- | C] () -- C:\Users\budzone\Documents\dad sex lesson 3-22-13.rtf
[2014/04/08 09:25:28 | 000,019,131 | ---- | C] () -- C:\Users\budzone\Documents\dadsexlessonrevised.rtf
[2014/04/08 09:25:28 | 000,019,061 | ---- | C] () -- C:\Users\budzone\Documents\Father Part II1.rtf
[2014/04/08 09:25:28 | 000,016,899 | ---- | C] () -- C:\Users\budzone\Documents\Curt.rtf
[2014/04/08 09:25:28 | 000,010,478 | ---- | C] () -- C:\Users\budzone\Documents\ebaytemp.rtf
[2014/04/08 09:25:28 | 000,008,874 | ---- | C] () -- C:\Users\budzone\Documents\delZip179.rtf
[2014/04/08 09:25:25 | 000,016,385 | ---- | C] () -- C:\Users\budzone\Documents\Camping-.rtf
[2014/04/08 09:25:25 | 000,015,593 | ---- | C] () -- C:\Users\budzone\Documents\Campingrev.rtf
[2014/04/08 09:25:25 | 000,014,752 | ---- | C] () -- C:\Users\budzone\Documents\Camping.rtf
[2014/04/08 09:25:25 | 000,004,028 | ---- | C] () -- C:\Users\budzone\Documents\Compote Frosted Pink Fostoria.rtf
[2014/04/08 09:25:24 | 000,049,664 | ---- | C] () -- C:\Users\budzone\Documents\Business cards.pub
[2014/04/08 09:25:24 | 000,044,491 | ---- | C] () -- C:\Users\budzone\Documents\Bondingrevised.rtf
[2014/04/08 09:25:24 | 000,026,164 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMe.rtf
[2014/04/08 09:25:24 | 000,024,765 | ---- | C] () -- C:\Users\budzone\Documents\calbertandmepart2.rtf
[2014/04/08 09:25:24 | 000,022,485 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMeP2.rtf
[2014/04/08 09:25:24 | 000,021,159 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise2-4-13.rtf
[2014/04/08 09:25:24 | 000,019,427 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise.rtf
[2014/04/08 09:25:24 | 000,018,111 | ---- | C] () -- C:\Users\budzone\Documents\CalAlan.rtf
[2014/04/08 09:25:24 | 000,013,015 | ---- | C] () -- C:\Users\budzone\Documents\Blond Boys in the Theatrefinal.rtf
[2014/04/08 09:25:24 | 000,010,919 | ---- | C] () -- C:\Users\budzone\Documents\Backup of The Bar-.wbk
[2014/04/08 09:25:23 | 000,055,959 | ---- | C] () -- C:\Users\budzone\Documents\A Fake.rtf
[2014/04/08 09:25:23 | 000,037,433 | ---- | C] () -- C:\Users\budzone\Documents\A Salacious Affair.rtf
[2014/04/08 09:25:23 | 000,022,124 | ---- | C] () -- C:\Users\budzone\Documents\Agreements (Part 2).rtf
[2014/04/08 09:25:23 | 000,019,745 | ---- | C] () -- C:\Users\budzone\Documents\A Time For Passion.rtf
[2014/04/08 09:25:23 | 000,018,166 | ---- | C] () -- C:\Users\budzone\Documents\AlanRobert.rtf
[2014/04/08 09:25:23 | 000,015,959 | ---- | C] () -- C:\Users\budzone\Documents\AdiffMattdaly.rtf
[2014/04/08 09:25:23 | 000,014,448 | ---- | C] () -- C:\Users\budzone\Documents\Agreementsp1.rtf
[2014/04/08 09:25:23 | 000,006,409 | ---- | C] () -- C:\Users\budzone\Documents\21st century Poem.rtf
[2014/04/08 09:25:23 | 000,005,561 | ---- | C] () -- C:\Users\budzone\Documents\21st Century Salutations.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$Time For Passion.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$reements (Part 2).rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$mes Kirkson2012.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$e Leather Shop2.rtf
[2014/04/08 09:25:22 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$A Fake.rtf
[2014/04/07 20:37:54 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2014/04/07 20:37:51 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2014/03/31 14:21:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/03/30 18:26:49 | 000,034,612 | ---- | C] () -- C:\Windows\wininit.ini
========== ZeroAccess Check ==========
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/31 18:41:32 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/04/05 06:25:05 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/03/31 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\budzone\AppData\Roaming\DriverFinder
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
Looking good Bud, how is your system behaving now ??
Beadbud5000
2014-05-03, 00:26
Ken-
My PC is doing better! Much better!!!
Great, lets keep an eye on it, post back if any other issues , if not i will close this thread in a couple of days
Double click on AdwCleaner.exe to run the tool again.
Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Beadbud5000
2014-05-03, 14:16
Ken
I ran two malwarebytes checks, the first last and the second this morning. This frst found a non-malware threat which I have seem before, The second was clean run this morning.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/2/2014
Scan Time: 6:00:14 PM
Logfile: 5-12-14 6pm.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.02.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 218589
Time Elapsed: 7 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[946c60a0b64a6a96fcf0e87c42c2d729]
Physical Sectors: 0
(No malicious items detected)
(end)
Then this morning was clean after a fix last night
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/3/2014
Scan Time: 6:58:26 AM
Logfile: 5-3-14.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.03.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 218689
Time Elapsed: 6 min, 12 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Should I try not to use Chrome?
Thanks,
Bud
Looking good Bud, how is your system behaving now ??
Hello Bud,
Second run of Malwarebytes was clean, thats good, what it removed was just a leftover entry for conduit which was not removed by AdwCleaner as is may not have been in the database yet
Chome <-- This is my default browser and I really like it. Just dont use Internet Explorer as there is a new vulnerability that targets IE users and Microsoft has not issued a patch for it yet
Firefox has a new version that you may like also, both these browsers are more secure than IE
https://www.mozilla.org/en-US/firefox/25.0/system-requirements/
Beadbud5000
2014-05-05, 13:43
Ken
Malwarebytes found this PUP again today. What is interesting is that I have not used the Chrome browser all weekend... Here is the scan log.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/5/2014
Scan Time: 6:32:25 AM
Logfile: 5-5-14.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.05.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 218829
Time Elapsed: 6 min, 7 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[ff018977b24e41bf2045ff675da77c84]
Physical Sectors: 0
(No malicious items detected)
(end)
Thanks! Bud
Bud,
Lets do a few things
1.
Open Chrome
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlite Conduit and select Delete
2.
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Down on the bottom you will see an option for RESET BROWSER SETTINGS
Click on it and it will set Chome back to defaults
Then download and run AddCleaner again
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisment.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Beadbud5000
2014-05-06, 03:03
Thanks Ken
I use Firefox more often but I do like Chrome. I never use IE except for Windows Update. I updated to the new Firefox almost a week ago.
I will just keep an eye on things here.
Bud
Hello Bud,
Second run of Malwarebytes was clean, thats good, what it removed was just a leftover entry for conduit which was not removed by AdwCleaner as is may not have been in the database yet
Chome <-- This is my default browser and I really like it. Just dont use Internet Explorer as there is a new vulnerability that targets IE users and Microsoft has not issued a patch for it yet
Firefox has a new version that you may like also, both these browsers are more secure than IE
https://www.mozilla.org/en-US/firefox/25.0/system-requirements/
:bigthumb:
Have FF check for updates as the newest version is 29
Beadbud5000
2014-05-07, 16:21
Ken
Firefox version is 29.
I ran malewarebytes and if found another threat via Google
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/7/2014
Scan Time: 7:03:57 AM
Logfile: 5-7.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.07.03
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 219485
Time Elapsed: 6 min, 15 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[37c9d32df60a946c177842277b89d030]
Physical Sectors: 0
(No malicious items detected)
(end)
Thanks Ken, for looking out! Bud
Bud, cant help you if you don't follow instructions, I need you to go back to my Post # 31 and follow those instructions
Beadbud5000
2014-05-07, 16:49
Ken
I am sorry. I did not see the thread you gave at first but then I finally did AFTER I posted this morning. All complete now.
Here is the Adwcleaner Notepad fill I just got after my reboot.
# AdwCleaner v3.207 - Report created 07/05/2014 at 09:38:24
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : budzone - HOMEPC
# Running from : C:\Users\budzone\Downloads\adwcleaner (1).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.16386
-\\ Mozilla Firefox v29.0 (en-US)
[ File : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ File : C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=
Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
*************************
AdwCleaner[R0].txt - [4079 octets] - [29/04/2014 16:56:08]
AdwCleaner[R1].txt - [1434 octets] - [07/05/2014 09:36:37]
AdwCleaner[S0].txt - [4004 octets] - [29/04/2014 16:57:29]
AdwCleaner[S1].txt - [1363 octets] - [07/05/2014 09:38:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1423 octets] ##########
My searches have been screwed up for a long time. Thank you!!! Bud
Did you follow the instructions that I gave you for resetting Chome
Beadbud5000
2014-05-07, 23:13
Ken
I did as you suggested with the resetting of chrome. I ran a malwarebytes scan a few minutes ago. All appears good.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/7/2014
Scan Time: 4:05:02 PM
Logfile: 5-7-14pm.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.07.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 219928
Time Elapsed: 5 min, 41 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Thanks Bud
:bigthumb:
Looks like your good to go
Beadbud5000
2014-05-08, 15:53
Ken
Malarebytes found the same problem on the conduit (Google Chrome). The program look like it was saving my mornings log but it crapped out and left no record. What should I do?
Bud
Bud, When you run Malwarebytes and it finds the conduit entry and you checking it and having it removed ?
You need the 32 bit version of SystemLook
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:folderfind
Conduit
:filefind
Conduit
:regfind
Conduit
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Beadbud5000
2014-05-08, 23:20
Ken
I found the PUP conduit in a scan this morning and again this afternoon
See log below then I will try your suggest and thyen post those results.
Yes, I quarantine the PUP everytime.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/8/2014
Scan Time: 4:09:09 PM
Logfile: pup5-.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.08.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220151
Time Elapsed: 5 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[a8586f91d030ef11c6b2cf9d857f6f91]
Physical Sectors: 0
(No malicious items detected)
(end)
Beadbud5000
2014-05-08, 23:28
SystemLook 30.07.11 by jpshortstuff
Log created at 16:25 on 08/05/2014 by budzone
Administrator - Elevation successful
========== folderfind ==========
Searching for "Conduit"
No folders found.
========== filefind ==========
Searching for "Conduit"
No files found.
========== regfind ==========
Searching for "Conduit"
No data found.
-= EOF =-
Beadbud5000
2014-05-09, 17:55
Ken
When I first ran the steps you advised in #31 I did get a conduit node (line) in Chrome. But on that first run I had trouble seeing the rteset browser settings in Chrome.
I ran the instructions in 31 just now after resetting as described. adwCleaner found a firefox line that was weird. I ran clean
Here is that log
# AdwCleaner v3.207 - Report created 09/05/2014 at 10:44:58
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : budzone - HOMEPC
# Running from : C:\Users\budzone\Downloads\adwcleaner(1).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.16386
-\\ Mozilla Firefox v29.0 (en-US)
[ File : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ File : C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=
Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
*************************
AdwCleaner[R0].txt - [4079 octets] - [29/04/2014 16:56:08]
AdwCleaner[R1].txt - [1434 octets] - [07/05/2014 09:36:37]
AdwCleaner[R2].txt - [1553 octets] - [09/05/2014 10:43:53]
AdwCleaner[S0].txt - [4004 octets] - [29/04/2014 16:57:29]
AdwCleaner[S1].txt - [1503 octets] - [07/05/2014 09:38:24]
AdwCleaner[S2].txt - [1482 octets] - [09/05/2014 10:44:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1542 octets] ##########
Good, run Malwarebytes again and lets see if its gone
Beadbud5000
2014-05-09, 19:07
Ken
Also I will be away from this pc started Satuday through M<onday night. Can you leave tyhe ticket open untill I get back?
Thanks!
Here is the log
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/9/2014
Scan Time: 11:59:36 AM
Logfile: 5-9-14noon.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.09.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220518
Time Elapsed: 5 min, 47 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Yes. Lets keep an eye on it, when you return run Malwarebytes again and see if it returns
Beadbud5000
2014-05-10, 03:24
Ken
FRirefox did update security tonight but I decxided to run a scan and got this PUP
Here is the log file.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/9/2014
Scan Time: 8:09:29 PM
Logfile: 5-9-14pm2.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.09.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220770
Time Elapsed: 5 min, 39 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[738d827ef60a52ae2c60511da2626b95]
Physical Sectors: 0
(No malicious items detected)
(end)
Lets try uninstalling Chome and go from there
Beadbud5000
2014-05-13, 02:35
Ken
I did uninstall Chrome. I ran a malwarebytes scan after the uninstall. All is cle:euro:an right now.
Thanks for all your help!
Bud:euro:
Your welcome Bud,
Take care,
Ken :)
Beadbud5000
2014-05-14, 14:26
Ken
My system showed as clean again this morning.
I am wondering if I need to upgrade spybot to 2.3. I just bought a year license at the end of March 2014. Will I need to buy another license if I update to 2.3?
Thanks!
Bud
I dont believe so but I am checking BRB
Beadbud5000
2014-05-14, 17:59
I will wait until I hear back from you then.
Bud
Bud,
Just got this
As licenses are annual I am not aware of any issues he'd encounter by upgrading from 2.2 to 2.3.
If such should arise, he can contact support or send me a PM. ( Tashi)
http://www.safer-networking.org/cont...edition-users/
So if you have any problems just let me know and we will take care of it for you
Beadbud5000
2014-05-15, 14:40
Hi Ken
What I am reading is that when upgrading to 2.3, if I do the free route, it looks like it will negate the antivirus I just added through Spybot, leaving me without.
I am comfortable with 2.2 and the antivirus I have at this moment that I got with the March purchase, in combination with the Spybot 2.2 Professional Home Edition. I paid 13.99 US in March 2014. If the upgrade to 2.3 doesn't really make a BIG difference, I'd just wait until next March (2015). But I do not know either. Malwarebytes wants over 24.99 for year for their pay version. It feels like Vista is causing me to hit a lot of snags.
The guy that had this PC tried Windows 7 on it and he had lots of problems. This PC was given to me around 2010 and it originally had a Vista OP. He still had the disk so he donated it to me as well.
I also would feel okay if I could just pay the difference which amounts to about 10 bucks more.
I am on a fixed income and 20 bucks is a lot of money.
Thus, that is why I am asking.
I have used spybot since 2004 in one for or the another. Your service to us marginally knowledgeable PC users is really a great value!
Bud
Hi Bud,
What I would do is post here
http://forums.spybot.info/forumdisplay.php?4-Spybot
The people that own and run Spybot Search and Destroy are more in tune to the inner workings of Spybot than I am and they will be able to guide you through the update process
Whoever installed Windows 7 must have done a poor job because Windows Vista was not a good operating system and Windows 7 was one of the better ones to come out
Hope you find the help that you need
Ken :)
Beadbud5000
2014-05-17, 15:33
Ken
I have been sick this last week. I will try to update today. My antivirus is not updating.
Bud
Bud, hope your feeling better today
If your talking about Spybot, post in the spybot forum I linked you to and they can help you straighten it out
Beadbud5000
2014-05-17, 22:49
Ken
I started a forum link today.
Thanks!
Bud
Beadbud5000
2014-05-19, 20:57
Ken
I ended up upgrading for 25.99 and that took care of some problems I was having. The Trovi issue is closed. Thanks for all your help!
Bud
Your welcome Bud,
My pleasure helping you
Ken :)